The workaround is to load all conversions into memory ahead of time, and will
only happen if the ruby version is exactly 1.9.3p0. The hope is obviously that
the underlying problem will be resolved in the next patchlevel release of
1.9.3.

Jon Leighton

Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)

Changing rake db:schema:dump to run :environment as well as :load_config,
as running :load_config alone will lead to the dumper being run without
including extensions such as those included in foreigner and
spatial_adapter.

I'm assuming here that :load_config needs to be invoked
separately from :environment, as it is elsewhere in the
file for db operations, if not the alternative is to go
back to "task :dump => :environment do".

Ben Woosley

Update to rack-cache 1.1.

Versions prior to 1.1 delete the If-Modified-Since and If-Not-Modified
headers when config.action_controller.perform_caching is true. This has two
problems:
* unexpected inconsistent behaviour between development &
production environments
* breaks applications that use of these headers

Brendan Ribera

Ensure that enhancements to assets:precompile task are only run once Sam Pohlenz

TestCase should respect the view_assigns API instead of pulling variables on
its own. José Valim

javascript_path and stylesheet_path now refer to /assets if asset pipelining
is on. Santiago Pastorino

button_to support form option. Now you're able to pass for example
'data-type' => 'json'. ihower

image_path and image_tag should use /assets if asset pipelining is turned
on. Closes #3126 Santiago Pastorino and christos

Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation.
Useful for linking assets from static html files or from emails when the user
could probably look at an older html email with an older asset. Santiago Pastorino

Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled.
Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. Guillermo Iguaran

Fix escape_js to work correctly with the new SafeBuffer restriction Paul Gallagher

Brought back alternative convention for namespaced models in i18n thoefer

Now the key can be either "namespace.model" or "namespace/model" until further deprecation.

It is prohibited to perform a in-place SafeBuffer mutation tenderlove

The old behavior of SafeBuffer allowed you to mutate string in place via
method like sub!. These methods can add unsafe strings to a safe buffer,
and the safe buffer will continue to be marked as safe.

An example problem would be something like this:

<%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>

In the above example, an untrusted string (params[:xss]) is added to the
safe buffer returned by link_to, and the untrusted content is successfully
sent to the client without being escaped. To prevent this from happening
sub! and other similar methods will now raise an exception when they are called on a safe buffer.

In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:

<%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>

The new versions will now ensure that all strings returned by these methods on safe buffers are marked unsafe.

Allow you to add force_ssl into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify :only or :except to specific it to particular action. DHH and Prem Sichanugrist

Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash DHH

Template lookup now searches further up in the inheritance chain. Artemave

Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. Piotr Sarnacki

url_for and named url helpers now accept :subdomain and :domain as options, Josh Kalderimis

The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). Josh Kalderimis

Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). Piotr Sarnacki

Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:

Moved etag responsibility from ActionDispatch::Response to the middleware stack. José Valim

Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. José Valim

Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. Yehuda Katz, Carl Lerche

Rails 3.0.7 (April 18, 2011)

No changes.

Rails 3.0.6 (April 5, 2011)

Fixed XSS vulnerability in auto_link. auto_link no longer marks input as
html safe. Please make sure that calls to auto_link() are wrapped in a
sanitize(), or a raw() depending on the type of input passed to auto_link().
For example:

<%= sanitize(auto_link(some_user_input)) %>

Thanks to Torben Schulz for reporting this. The fix can be found here:
61ee3449674c591747db95f9b3472c5c3bd9e84d

Fixes the output of rake routes to be correctly match to the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default Prem Sichanugrist

Fixes an issue with number_to_human when converting values which are less than 1 but greater than -1 Josh Kalderimis

Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. Prem Sichanugrist, fxn

URL parameters which return nil for to_param are now removed from the query string Andrew White

Don't allow i18n to change the minor version, version now set to ~> 0.5.0 Santiago Pastorino

Make TranslationHelper#translate use the :rescue_format option in I18n 0.5.0 Sven Fuchs

Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body. Cheah Chu Yeow

Rails 3.0.5 (February 26, 2011)

No changes.

Rails 3.0.4 (February 8, 2011)

No changes.

Rails 3.0.3 (November 16, 2010)

When ActiveRecord::Base objects are sent to predicate methods, the id of the object should be sent to ARel, not the ActiveRecord::Base object.

:constraints routing should only do sanity checks against regular expressions. String arguments are OK.

Rails 3.0.2 (November 15, 2010)

The helper number_to_currency accepts a new :negative_format option to be able to configure how to render negative amounts. Don Wilson

Rails 3.0.1 (October 15, 2010)

No Changes, just a version bump.

Rails 3.0.0 (August 29, 2010)

password_field renders with nil value by default making the use of passwords secure by default, if you want to render you should do for instance f.password_field(:password, :value => @user.password) Santiago Pastorino

Symbols and strings in routes should yield the same behavior. Note this may break existing apps that were using symbols with the new routes API. José Valim

Add clear_helpers as a way to clean up all helpers added to this controller, maintaining just the helper with the same name as the controller. José Valim

Support routing constraints in functional tests. Andrew White

Add a header that tells Internet Explorer (all versions) to use the best available standards support. Yehuda Katz

Allow stylesheet/javascript extensions to be changed through railties. Josh Kalderimis

link_to, button_to, and tag/tag_options now rely on html_escape instead of escape_once. fxn

Both :xml and :json renderers now forwards the given options to the model, allowing you to invoke them as render :xml => @projects, :include => :tasks José Valim, Yehuda Katz

Renamed the field error CSS class from fieldWithErrors to field_with_errors for consistency. Jeremy Kemper

Add support for shorthand routes like /projects/status(.:format) #4423 Diego Carrion

Changed translate helper so that it doesn’t mark every translation as safe HTML. Only keys with a "_html" suffix and keys named "html" are considered to be safe HTML. All other translations are left untouched. Craig Davey

Added #favicon_link_tag, it uses #image_path so in particular the favicon gets an asset ID fxn

Fixed that default locale templates should be used if the current locale template is missing DHH

Added all the new HTML5 form types as individual form tag methods (search, url, number, etc) #3646 Stephen Celis

Changed the object used in routing constraints to be an instance of
ActionDispatch::Request rather than Rack::Request YK

Changed ActionDispatch::Request#method to return a String, to be compatible
with Rack::Request. Added ActionDispatch::Request#method_symbol to
return a symbol form of the request method. YK

Changed ActionDispatch::Request#method to return the original
method and #request_method to return the overridden method in the
case of methodoverride being used (this means that #method returns
"HEAD" and #request_method returns "GET" in HEAD requests). This
is for compatibility with Rack::Request YK

#concat is now deprecated in favor of using <%= %> helpers YK

Block helpers now return Strings, so you can use <%= form_for @foo do |f| %>.
<% form_for do |f| %> still works with deprecation notices YK

Add a new #mount method on the router that does not anchor the PATH_INFO
at the end YK & CL

Create a new LookupContext object that is responsible for performantly
finding a template for a given pattern JV

Removed relative_url_for in favor of respecting SCRIPT_NAME YK & CL

Changed file streaming to use Rack::Sendfile middleware YK

ActionDispatch::Request#content_type returns a String to be compatible with
Rack::Request. Use #content_mime_type for the Mime::Type instance YK

Updated Prototype to 1.6.1 and Scriptaculous to 1.8.3 ML

Change the preferred way that URL helpers are included into a classYK & CL

# for all helpers including named routes
include Rails.application.router.url_helpers
# for just url_for
include Rails.application.router.url_for

Fixed that PrototypeHelper#update_page should return html_safe DHH

Fixed that much of DateHelper wouldn't return html_safe? strings DHH

Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) DHH

Added that ActionController::Base now does helper :all instead of relying on the default ApplicationController in Rails to do it DHH

Added support for multiple routes.rb files (useful for plugin engines). This also means that draw will no longer clear the route set, you have to do that by hand (shouldn't make a difference to you unless you're doing some funky stuff) David Heinemeier Hansson

Dropped formatted_* routes in favor of just passing in :format as an option. This cuts resource routes generation in half #1359 aaronbatalion

Remove support for old double-encoded cookies from the cookie store. These values haven't been generated since before 2.1.0, and any users who have visited the app in the intervening 6 months will have had their cookie upgraded. Michael Koziarski

class ArticlesController < ApplicationController
def show_with_respond_to_block
@article = Article.find(params[:id])
# If the request sends headers that differs from the options provided to stale?, then
# the request is indeed stale and the respond_to block is triggered (and the options
# to the stale? call is set on the response).
#
# If the request headers match, then the request is fresh and the respond_to block is
# not triggered. Instead the default render will occur, which will check the last-modified
# and etag headers and conclude that it only needs to send a "304 Not Modified" instead
# of rendering the template.
if stale?(:last_modified => @article.published_at.utc, :etag => @article)
respond_to do |wants|
# normal response processing
end
end
end
def show_with_implied_render
@article = Article.find(params[:id])
# Sets the response headers and checks them against the request, if the request is stale
# (i.e. no match of either etag or last-modified), then the default render of the template happens.
# If the request is fresh, then the default render will return a "304 Not Modified"
# instead of rendering the template.
fresh_when(:last_modified => @article.published_at.utc, :etag => @article)
end
end

2.1.0 (May 31st, 2008)

Fixed that forgery protection can be used without session tracking (Peter Jones) #139

Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) #136

Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" Rick Olson

InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap Geoff Buesing

select_date defaults to Time.zone.today when config.time_zone is set Geoff Buesing

Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) #80

Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) David Heinemeier Hansson

Reduce number of instance variables being copied from controller to view. Pratik Naik

select_datetime and select_time default to Time.zone.now when config.time_zone is set Geoff Buesing

datetime_select defaults to Time.zone.now when config.time_zone is set Geoff Buesing

Fixed that TextHelper#excerpt would include one character too many #11268 Irfy

Fix more obscure nested parameter hash parsing bug. #10797 thomas.lee

Added ActionView::Helpers::register_javascript/stylesheet_expansion to make it easier for plugin developers to inject multiple assets. #10350 lotswholetime

Fix nested parameter hash parsing bug. #10797 thomas.lee

Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 Eloy Duran

Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off David Heinemeier Hansson

Make MimeResponds::Responder#any work without explicit types. Closes #11140 jaw6

Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block David Heinemeier Hansson

All fragment cache keys are now by default prefixed with the "views/" namespace David Heinemeier Hansson

Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore *David Heinemeier Hansson

error_messages_for also takes :message and :header_message options which defaults to the old "There were problems with the following fields:" and " errors prohibited this from being saved". #8270 rmm5t, zach-inglis-lt3

Make sure that custom inflections are picked up by map.resources. #9815 Mislav Marohnić

Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call David Heinemeier Hansson

Extracted sanitization methods from TextHelper to SanitizeHelper David Heinemeier Hansson

This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler version of the same plugin).
Also applied updated versions of #strip_tags and #strip_links from #8877.

Removed the deprecated behavior of appending ".png" to image_tag/image_path calls without an existing extension David Heinemeier Hansson

Removed ActionController::Base.scaffold -- it went through the whole idea of scaffolding (card board walls you remove and tweak one by one). Use the scaffold generator instead (it does resources too now!) David Heinemeier Hansson

Optimise named route generation when using positional arguments. Michael Koziarski

This change delivers significant performance benefits for the most
common usage scenarios for modern rails applications by avoiding the
costly trip through url_for. Initial benchmarks indicate this is
between 6 and 20 times as fast.

Allow you to render views with periods in the name. Closes #8076 Norbert Crombach

render :partial => 'show.html.erb'

Improve capture helper documentation. #8796 Chris Kampmeier

Prefix nested resource named routes with their action name, e.g. new_group_user_path(@group) instead of group_new_user_path(@group). The old nested action named route is deprecated in Rails 1.2.4. #8558 David Chelimsky

Allow sweepers to be created solely for expiring after controller actions, not model changes David Heinemeier Hansson

Added assigns method to ActionController::Caching::Sweeper to easily access instance variables on the controller David Heinemeier Hansson

Before:
map.resources :emails do |emails|
emails.resources :comments, :name_prefix => "email_"
emails.resources :attachments, :name_prefix => "email_"
end
After:
map.resources :emails do |emails|
emails.resources :comments
emails.resources :attachments
end
This does mean that if you intended to have comments_url go to /emails/5/comments, then you'll have to set :name_prefix to nil explicitly.

Added :has_many and :has_one for declaring plural and singular resources beneath the current David Heinemeier Hansson

respond_to do |format|
format.xml do
render :action => "#{action_name}.rxml"
end
end

Fix WSOD due to modification of a formatted template extension so that requests to templates like 'foo.html.erb' fail on the second hit. Rick Olson

Fix WSOD when template compilation fails Rick Olson

Change ActionView template defaults. Look for templates using the request format first, such as "show.html.erb" or "show.xml.builder", before looking for the old defaults like "show.erb" or "show.builder" Rick Olson

Highlight helper highlights one or many terms in a single pass. Jeremy Kemper

Dropped the use of ; as a separator of non-crud actions on resources and went back to the vanilla slash. It was a neat idea, but lots of the non-crud actions turned out not to be RPC (as the ; was primarily intended to discourage), but legitimate sub-resources, like /parties/recent, which didn't deserve the uglification of /parties;recent. Further more, the semicolon caused issues with caching and HTTP authentication in Safari. Just Not Worth It David Heinemeier Hansson

Added that FormTagHelper#submit_tag will return to its original state if the submit fails and you're using :disable_with David Heinemeier Hansson

Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure message digest is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the digest). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives. Jeremy Kemper

Added .erb and .builder as preferred aliases to the now deprecated .rhtml and .rxml extensions [Chad Fowler]. This is done to separate the renderer from the mime type. .erb templates are often used to render emails, atom, csv, whatever. So labeling them .rhtml doesn't make too much sense. The same goes for .rxml, which can be used to build everything from HTML to Atom to whatever. .rhtml and .rxml will continue to work until Rails 3.0, though. So this is a slow phasing out. All generators and examples will start using the new aliases, though.

...when caching is on, all.css is the concatenation of style1.css, styleB.css, and styleX2.css.
Same deal for JavaScripts.

Work around the two connection per host browser limit: use asset%d.myapp.com to distribute asset requests among asset[0123].myapp.com. Use a DNS wildcard or CNAMEs to map these hosts to your asset server. See http://www.die.net/musings/page_load_time/ for background. Jeremy Kemper

Added default mime type for CSS (Mime::CSS) David Heinemeier Hansson

Added that rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified and the response body will be set to an empty string. David Heinemeier Hansson

Added X-Runtime to all responses with the request run time David Heinemeier Hansson

Make sure that the string returned by TextHelper#truncate is actually a string, not a char proxy -- that should only be used internally while working on a multibyte-safe way of truncating David Heinemeier Hansson

Added FormBuilder#submit as a delegate for FormTagHelper#submit_tag David Heinemeier Hansson

Allow Routes to generate all urls for a set of options by specifying :generate_all => true. Allows caching to properly set or expire all paths for a resource. References #1739. Nicholas Seckar

Change the query parser to map empty GET params to "" rather than nil. Closes #5694. Nicholas Seckar

Added map.root as an alias for map.connect '' David Heinemeier Hansson

Added Request#format to return the format used for the request as a mime type. If no format is specified, the first Request#accepts type is used. This means you can stop using respond_to for anything else than responses [David Heinemeier Hansson]. Examples:

@response.redirect_url works with 201 Created responses: just return headers['Location'] rather than checking the response status. Jeremy Kemper

Added CSV to Mime::SET so that respond_to csv will work Cody Fauser

Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) David Heinemeier Hansson

Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 David Heinemeier Hansson

Update Routing to complain when :controller is not specified by a route. Closes #6669. Nicholas Seckar

Ensure render_to_string cleans up after itself when an exception is raised. #6658 Rob Sanheim

Extract template_changed_since? from compile_template? so plugins may override its behavior for non-file-based templates. #6651 Jeff Barczewski

Update to Prototype and script.aculo.us [5579]. Thomas Fuchs

simple_format helper doesn't choke on nil. #6644 jerry426

Update to Prototype 1.5.0_rc2 [5550] which makes it work in Opera again Thomas Fuchs

Reuse named route helper module between Routing reloads. Use remove_method to delete named route methods after each load. Since the module is never collected, this fixes a significant memory leak. Nicholas Seckar

ActionView::Base.erb_variable accessor names the buffer variable used to render templates. Defaults to _erbout; use _buf for erubis. Rick Olson

Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 Bob Silva

Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 Bob Silva/chrismear

Make page caching respect the format of the resource that is being requested even if the current route is the default route so that, e.g. posts.rss is not transformed by url_for to '/' and subsequently cached as '/index.html' when it should be cached as '/posts.rss'. Marcel Molina Jr.

render_text may optionally append to the response body. render_javascript appends by default. This allows you to chain multiple render :update calls by setting @performed_render = false between them (awaiting a better public API). Jeremy Kemper

Rename test assertion to prevent shadowing. Closes #6306. psross

Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 Philip Hallstrom

Fixed that FormHelper#radio_button didn't respect an :id being passed in #6266 evansj

Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" David Heinemeier Hansson

Deprecation! @params, @session, @flash will be removed after 1.2. Use the corresponding instance methods instead. You'll get printed warnings during tests and logged warnings in dev mode when you access either instance variable directly. Jeremy Kemper

Make Routing noisy when an anchor regexp is assigned to a segment. #5674 François Beausoleil

Added months and years to the resolution of DateHelper#distance_of_time_in_words, such that "60 days ago" becomes "2 months ago" #5611 pjhyett@gmail.com

Make action caching aware of different formats for the same action so that, e.g. foo.xml is cached separately from foo.html. Implicitly set content type when reading in cached content with mime revealing extensions so the entire onous isn't on the webserver. Marcel Molina Jr.

Routing rewrite. Simpler, faster, easier to understand. The published API for config/routes.rb is unchanged, but nearly everything else is different, so expect breakage in plugins and libs that try to fiddle with routes. Nicholas Seckar, Jamis Buck

Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [David Heinemeier Hansson]. Example:

# returns HTML when requested by a browser, since the browser
# has the HTML mimetype at the top of its priority list
Accept: text/html
GET /weblog

# returns the XML
Accept: application/xml
GET /weblog

# returns the HTML
Accept: application/xml
GET /weblog.html

# returns the XML
Accept: text/html
GET /weblog.xml

All this relies on the fact that you have a route that includes .:format.

Expanded :method option in FormTagHelper#form_tag, FormHelper#form_for, PrototypeHelper#remote_form_for, PrototypeHelper#remote_form_tag, and PrototypeHelper#link_to_remote to allow for verbs other than GET and POST by automatically creating a hidden form field named _method, which will simulate the other verbs over post David Heinemeier Hansson

Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete David Heinemeier Hansson

follow_redirect doesn't complain about being redirected to the same controller. #5153 dymo@mk.ukrtelecom.ua

Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered. Kevin Clark

Allow error_messages_for to report errors for multiple objects, as well as support for customizing the name of the object in the error summary header. Closes #4186. andrew@redlinesoftware.com, Marcel Molina Jr.

Add support in routes for semicolon delimited "subpaths", like /books/:id;:action Jamis Buck

Change link_to_function and button_to_function to (optionally) take an update_page block instead of a JavaScript string. Closes #4804. zraii@comcast.net, Sam Stephenson

Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for David Heinemeier Hansson

Modify routing so that you can say :require => { :method => :post } for a route, and the route will never be selected unless the request method is POST. Only works for route recognition, not for route generation. Jamis Buck

Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled #1897 jeremye@bsa.ca.gov

1.13.3 (March 12th, 2007)

Apply [5709] to stable.

session_enabled? works with session :off. #6680 Jonathan del Strother

Performance: patch cgi/session to require digest/md5 once rather than per #create_new_id. Stefan Kaes

@response.redirect_url works with 201 Created responses: just return headers['Location'] rather than checking the response status. Jeremy Kemper

Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) David Heinemeier Hansson

Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 David Heinemeier Hansson

1.13.0 RC1 (r5619, November 22nd, 2006)

Update Routing to complain when :controller is not specified by a route. Closes #6669. Nicholas Seckar

Ensure render_to_string cleans up after itself when an exception is raised. #6658 rsanheim

Reuse named route helper module between Routing reloads. Use remove_method to delete named route methods after each load. Since the module is never collected, this fixes a significant memory leak. Nicholas Seckar

Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 Bob Silva

Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 Bob Silva/chrismear

Make page caching respect the format of the resource that is being requested even if the current route is the default route so that, e.g. posts.rss is not transformed by url_for to '/' and subsequently cached as '/index.html' when it should be cached as '/posts.rss'. Marcel Molina Jr.

render_text may optionally append to the response body. render_javascript appends by default. This allows you to chain multiple render :update calls by setting @performed_render = false between them (awaiting a better public API). Jeremy Kemper

Rename test assertion to prevent shadowing. Closes #6306. psross

Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 Philip Hallstrom

Fixed that FormHelper#radio_button didn't respect an :id being passed in #6266 evansj

Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" David Heinemeier Hansson

Added deprecation language for pagination which will become a plugin by Rails 2.0 David Heinemeier Hansson

Added deprecation language for in_place_editor and auto_complete_field that both pieces will become plugins by Rails 2.0 David Heinemeier Hansson

Deprecated all of ActionController::Dependencies. All dependency loading is now handled from Active Support David Heinemeier Hansson

Deprecation! @params, @session, @flash will be removed after 1.2. Use the corresponding instance methods instead. You'll get printed warnings during tests and logged warnings in dev mode when you access either instance variable directly. Jeremy Kemper

Make Routing noisy when an anchor regexp is assigned to a segment. #5674 François Beausoleil

Added months and years to the resolution of DateHelper#distance_of_time_in_words, such that "60 days ago" becomes "2 months ago" #5611 pjhyett@gmail.com

Make action caching aware of different formats for the same action so that, e.g. foo.xml is cached separately from foo.html. Implicitly set content type when reading in cached content with mime revealing extensions so the entire onous isn't on the webserver. Marcel Molina Jr.

Routing rewrite. Simpler, faster, easier to understand. The published API for config/routes.rb is unchanged, but nearly everything else is different, so expect breakage in plugins and libs that try to fiddle with routes. Nicholas Seckar, Jamis Buck

Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [David Heinemeier Hansson]. Example:

# returns HTML when requested by a browser, since the browser
# has the HTML mimetype at the top of its priority list
Accept: text/html
GET /weblog

# returns the XML
Accept: application/xml
GET /weblog

# returns the HTML
Accept: application/xml
GET /weblog.html

# returns the XML
Accept: text/html
GET /weblog.xml

All this relies on the fact that you have a route that includes .:format.

Expanded :method option in FormTagHelper#form_tag, FormHelper#form_for, PrototypeHelper#remote_form_for, PrototypeHelper#remote_form_tag, and PrototypeHelper#link_to_remote to allow for verbs other than GET and POST by automatically creating a hidden form field named _method, which will simulate the other verbs over post David Heinemeier Hansson

Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete David Heinemeier Hansson

follow_redirect doesn't complain about being redirected to the same controller. #5153 dymo@mk.ukrtelecom.ua

Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered. Kevin Clark

Small fix in routing to allow dynamic routes (broken after [4242]) Rick Olson

map.connect '*path', :controller => 'files', :action => 'show'

Use #flush between switching from #write to #syswrite. Closes #4907. Blair Zajac blair@orcaware.com

Allow error_messages_for to report errors for multiple objects, as well as support for customizing the name of the object in the error summary header. Closes #4186. andrew@redlinesoftware.com, Marcel Molina Jr.

Add support in routes for semicolon delimited "subpaths", like /books/:id;:action Jamis Buck

Change link_to_function and button_to_function to (optionally) take an update_page block instead of a JavaScript string. Closes #4804. zraii@comcast.net, Sam Stephenson

Modify routing so that you can say :require => { :method => :post } for a route, and the route will never be selected unless the request method is POST. Only works for route recognition, not for route generation. Jamis Buck

1.12.5 (August 10th, 2006)

1.12.4 (August 8th, 2006)

Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for David Heinemeier Hansson

Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled. #1897 jeremye@bsa.ca.gov

Fixed that real files and symlinks should be treated the same when compiling templates. #5438 zachary@panandscan.com

1.12.3 (June 28th, 2006)

Fix broken traverse_to_controller. We now:
Look for a _controller.rb file under RAILS_ROOT to load.
If we find it, we require_dependency it and return the controller it defined. (If none was defined we stop looking.)
If we don't find it, we look for a .rb file under RAILS_ROOT to load. If we find it, and it loads a constant we keep looking.
Otherwise we check to see if a directory of the same name exists, and if it does we create a module for it.

response is not a redirection to all of the options supplied (redirection is <{:only_path=>false, :host=>"other.test.host", :action=>"other_host"}>), difference: <{:only_path=>"true", :host=>"other.test.host"}>

Change url_for to escape the resulting URLs when called from a view. Nicholas Seckar, coffee2code

Added option to render action/template/file of a specific extension (and here by template type). This means you can have multiple templates with the same name but a different extension [David Heinemeier Hansson]. Example:

Added Base#render(:xml => xml) that works just like Base#render(:text => text), but sets the content-type to text/xml and the charset to UTF-8 David Heinemeier Hansson

Integration test's url_for now runs in the context of the last request (if any) so after post /products/show/1 url_for :action => 'new' will yield /product/new Tobias Lütke

Re-added mixed-in helper methods for the JavascriptGenerator. Moved JavascriptGenerators methods to a module that is mixed in after the helpers are added. Also fixed that variables set in the enumeration methods like #collect are set correctly. Documentation added for the enumeration methods [Rick Olson]. Examples:

Added plugin support for parameter parsers, which allows for better support for REST web services. By default, posts submitted with the application/xml content type is handled by creating a XmlSimple hash with the same name as the root element of the submitted xml. More handlers can easily be registered like this:

Default YAML web services were retired, ActionController::Base.param_parsers carries an example which shows how to get this functionality back. As part of this new plugin support, request.[formatted_post?, xml_post?, yaml_post? and post_format] were all deprecated in favor of request.content_type Tobias Lütke

Fixed Effect.Appear in effects.js to work with floats in Safari #3524, #3813, #3044 Thomas Fuchs

Added that page caching will only happen if the response code is less than 400 #4033 g.bucher@teti.ch

Add ActionController::IntegrationTest to allow high-level testing of the way the controllers and routes all work together Jamis Buck

Added support to AssetTagHelper#javascript_include_tag for having :defaults appear anywhere in the list, so you can now make one call ala javascript_include_tag(:defaults, "my_scripts") or javascript_include_tag("my_scripts", :defaults) depending on how you want the load order #3506 Bob Silva

Added :count option to pagination that'll make it possible for the ActiveRecord::Base.count call to using something else than * for the count. Especially important for count queries using DISTINCT #3839 Stefan Kaes

More robust relative url root discovery for SCGI compatibility. This solves the 'SCGI routes problem' -- you no longer need to prefix all your routes with the name of the SCGI mountpoint. #3070 Dave Ringoen

Fix docs for text_area_tag. #3083. Christopher Cotton

Change form_for and fields_for method signatures to take object name and object as separate arguments rather than as a Hash. David Heinemeier Hansson

Introduce :selected option to the select helper. Allows you to specify a selection other than the current value of object.method. Specify :selected => nil to leave all options unselected. #2991 Jonathan Viney jonathan@bluewire.net.nz

Added short-hand to assert_tag so assert_tag :tag => "span" can be written as assert_tag "span" David Heinemeier Hansson

Added skip_before_filter/skip_after_filter for easier control of the filter chain in inheritance hierachies [David Heinemeier Hansson]. Example:

class ApplicationController < ActionController::Base
before_filter :authenticate
end
class WeblogController < ApplicationController
# will run the :authenticate filter
end
class SignupController < ActionController::Base
# will not run the :authenticate filter
skip_before_filter :authenticate
end

Added redirect_to :back as a short-hand for redirect_to(request.env["HTTP_REFERER"]) David Heinemeier Hansson

Change javascript_include_tag :defaults to not use script.aculo.us loader, which facilitates the use of plugins for future script.aculo.us and third party javascript extensions, and provide register_javascript_include_default for plugins to specify additional JavaScript files to load. Removed slider.js and builder.js from actionpack. Thomas Fuchs

Added ActionController::Base.session_store=, session_store, and session_options to make it easier to tweak the session options (instead of going straight to ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS)

Added TextHelper#cycle to cycle over an array of values on each hit (useful for alternating row colors etc) #2154 dave-ml@dribin.org

Added :multipart option to ActiveRecordHelper#form to make it possible to add file input fields #2034 jstirk@oobleyboo.com

Moved auto-completion and in-place editing into the Macros module and their helper counterparts into JavaScriptMacrosHelper

Added in-place editing support in the spirit of auto complete with ActionController::Base.in_place_edit_for, JavascriptHelper#in_place_editor_field, and Javascript support from script.aculo.us #2038 Jon Tirsen

Improved performance of test app req/sec with 5-30% through a series of Action Pack optimizations #1811 Stefan Kaes

Changed caching/expiration/hit to report using the DEBUG log level and errors to use the ERROR log level instead of both using INFO

Added support for per-action session management #1763

Improved rendering speed on complicated templates by up to 100% (the more complex the templates, the higher the speedup) #1234 [Stefan Kaes]. This did necessasitate a change to the internals of ActionView#render_template that now has four parameters. Developers of custom view handlers (like Amrita) need to update for that.

Added options hash as third argument to FormHelper#input, so you can do input('person', 'zip', :size=>10) #1719 jeremye@bsa.ca.gov

Added named_route method to RouteSet instances so that RouteSet instance methods do not prevent certain names from being used. Nicholas Seckar

Fixed routes so that routes which do not specify :action in the path or in the requirements have a default of :action => 'index', In addition, fixed url generation so that :action => 'index' does not need to be provided for such urls. Nicholas Seckar, Markjuh

Worked around a Safari bug where it wouldn't pass headers through if the response was zero length by having render :nothing return ' ' instead of ''

Fixed Request#subdomains to handle "foo.foo.com" correctly

1.9.1 (11 July, 2005)

Fixed that auto_complete_for didn't force the input string to lower case even as the db comparison was

Fixed that Action View should always use the included Builder, never attempt to require the gem, to ensure compatibility

Added that nil options are not included in tags, so tag("p", :ignore => nil) now returns

not

but that tag("p", :ignore => "") still includes it #1465 Michael Schuerig

Fixed that UrlHelper#link_to_unless/link_to_if used html_escape on the name if no link was to be applied. This is unnecessary and breaks its use with images #1649 joergd@pobox.com

Added capability to remove draggables/droppables and redeclare sortables in dragdrop.js (this makes it possible to call sortable_element on the same element more than once, e.g. in AJAX returns that modify the sortable element. all current sortable 'stuff' on the element will be discarded and the sortable will be rebuilt)

Always reset background color on Effect.Highlight; this make change backwards-compatibility, to be sure include style="background-color:(target-color)" on your elements or else elements will fall back to their CSS rules (which is a good thing in most circumstances)

Fixed that a SessionRestoreError was thrown if a model object was placed in the session that wasn't available to all controllers. This means that it's no longer necessary to use the 'model :post' work-around in ApplicationController to have a Post model in your session.

1.9.0 (6 July, 2005)

Added logging of the request URI in the benchmark statement (makes it easy to grep for slow actions)

Fixed prototype to consider all fields it doesn't know as text (such as Safari's search) just like the browser in its serialization #1497 Sean Treadway

Improved performance of Routes generation by a factor of 5 #1434 Nicholas Seckar

Added named routes (NEEDS BETTER DESCRIPTION) #1434 Nicholas Seckar

Improved AbstractRequest documentation #1483 court3nay

Added ActionController::Base.allow_concurrency to control whether the application is thread-safe, so multi-threaded servers like WEBrick knows whether to apply a mutex around the performance of each action. Turned off by default. EXPERIMENTAL FEATURE.

Added button_to as a form-based solution to deal with harmful actions that should be hidden behind POSTs. This makes it just as easy as link_to to create a safe trigger for actions like destroy, although it's limited by being a block element, the fixed look, and a no-no inside other forms. #1371 tom@moertel.com

Fixed image_tag so an exception is not thrown just because the image is missing and alt value can't be generated #1395 Marcel Molina Jr.

Added a third parameter to TextHelper#auto_link called href_options for specifying additional tag options on the links generated #1401 [tyler.kovacs@gmail.com]. Example: auto_link(text, :all, { :target => "_blank" }) to have all the generated links open in a new window.

Fixed TextHelper#highlight to return the text, not nil, if the phrase is blank #1409 Patrick Lenz

Fixed TagHelper such that :name and 'name' keys in the options doesn't result in two attributes #1455 take_tk

Ensure that helpers are only available to the controllers where they are defined and their subclasses. #1394 kdole@tamu.edu

Removed the require hack used by functional testing to work around an earlier bug in rake.

Allow distance_of_time_in_words to work with any value that responds to #to_time (like dates) #969

Support :render option for :verify #1440 Tobias Lütke

Updated vendor copy of html-scanner lib to 0.5.2, for bug fixes and optimizations. The :content option may be used as expected--to find a tag whose textual content is a particular value--in assert_tag, now.

Changed test requests to come from 0.0.0.0 instead of 127.0.0.1 such that they don't trigger debugging screens on exceptions, but instead call rescue_action_in_public

Modernize scaffolding to match the generator: use the new render method and change style from the warty @params["id"] to the sleek params[:id]. #1367

Include :id in the action generated by the form helper method. Then, for example, the controller can do Model.find(params[:id]) for both edit and update actions. Updated scaffolding to take advantage. #1367

Add assertions with friendly messages to TestCase#process to ensure that @controller, @request, and @response are set. #1367

Make sure the benchmarking render method always returns the output of the render.

render(:action), render(:template) and render() are the only three calls that default to using a layout. All other render calls assume :layout => false. This also fixes send_file, which was applying a layout if one existed for the current action.

verify with :redirect_to won't redirect if a redirect or render has already been performed #1350

render(:partial => true) is identical to the behavior of the deprecated render_partial()

Fixed render(:partial => "...") to use an empty Hash for the local assigns #1365

Fixed Caching::Fragments::FileStore.delete to not raise an exception if the delete fails.

Deprecated all render_* methods in favor of consolidating all rendering behavior in Base#render(options). This enables more natural use of combining options, such as layouts. Examples:

Added support for descending year values in DateHelper#select_year, like select_year(Date.today, :start_year => 2005, :end_year => 1900), which would count down from 2005 to 1900 instead of the other way #1274 nwoods@mail.com

Fixed that FormHelper#checkbox should return a checked checkbox if the value is the same as checked_value #1286 Florian Weber

Fixed Form.disable in Prototype #1317 Wintermute

Added accessors to logger, params, response, session, flash, and headers from the view, so you can write <% logger.info "stuff" %> instead of <% @logger.info "others" %> -- more consistent with the preferred way of accessing these attributes and collections from the controller

Added support for POST data in form of YAML or XML, which is controller through the Content-Type header. Example request:

You can query to find out whether a given request came through as one of these types with:
- request.post_format? (:url_encoded, :xml or :yaml)
- request.formatted_post? (for either xml or yaml)
- request.xml_post?
- request.yaml_post?

Added bundling of XmlSimple by Maik Schmidt

Fixed that render_partial_collection should always return a string (and not sometimes an array, despite <%= %> not caring)

Added TextHelper#sanitize that can will remove any Javascript handlers, blocks, and forms from an input of HTML. This allows for use of HTML on public sites, but still be free of XSS issues. #1277 Jamis Buck

Fixed the HTML scanner used by assert_tag where a infinite loop could be caused by a stray less-than sign in the input #1270 Jamis Buck

Added functionality to assert_tag, so you can now do tests on the siblings of a node, to assert that some element comes before or after the element in question, or just to assert that some element exists as a sibling #1226 Jamis Buck

Added better error handling for regexp caching expiration

Fixed handling of requests coming from unknown HTTP methods not to kill the server

Added that both AssetHelper#stylesheet_link_tag and AssetHelper#javascript_include_tag now accept an option hash as the last parameter, so you can do stuff like: stylesheet_link_tag "style", :media => "all"

Added FormTagHelper#image_submit_tag for making submit buttons that uses images

Added ActionController::Base.asset_host that will then be used by all the asset helpers. This enables you to easily offload static content like javascripts and images to a separate server tuned just for that.

Fixed action/fragment caching using the filestore when a directory and a file wanted to use the same name. Now there's a .cache prefix that sidesteps the conflict #1188 imbcmdth@hotmail.com

The new sweepers can also observe on the actions themselves by implementing methods according to (before|after)$controller$action. Example of a callback that'll be called after PagesController#update_title has been performed:

Fixed that :get, :post, and the others should take a flash array as the third argument just like process #1144 rails@cogentdude.com

Fixed a problem with Flash.now

Fixed stringification on all assigned hashes. The sacrifice is that assigns[:person] won't work in testing. Instead assigns["person"] or assigns(:person) must be used. In other words, the keys of assigns stay strings but we've added a method-based accessor to appease the need for symbols.

Fixed that rendering a template would require a connection to the database #1146

1.8.0 (19th April, 2005)

Added assert_tag and assert_no_tag as a much improved alternative to the deprecated assert_template_xpath_match #1126 Jamis Buck

Deprecated the majority of all the testing assertions and replaced them with a much smaller core and access to all the collections the old assertions relied on. That way the regular test/unit assertions can be used against these. Added documentation about how to use it all.

Added a wide range of new Javascript effects:
* Effect.Puff zooms the element out and makes it smoothly transparent at the same time, giving a "puff" illusion #996 [thomas@fesch.at]
After the animation is completed, the display property will be set to none.
This effect will work on relative and absolute positioned elements.

* Effect.Appear as the opposite of Effect.Fade #990 [thomas@fesch.at]
You should return elements with style="display:none;" or a like class for this to work best and have no chance of flicker.
* Effect.Squish for scaling down an element and making it disappear at the end #972 [thomas@fesch.at]
* Effect.Scale for smoothly scaling images or text up and down #972 [thomas@fesch.at]
* Effect.Fade which smoothly turns opacity from 100 to 0 and then hides the element #960 [thomas@fesch.at]

Added Request#xml_http_request? (and an alias xhr?) to that'll return true when the request came from one of the Javascript helper methods (Ajax). This can be used to give one behavior for modern browsers supporting Ajax, another to old browsers #1127 Sam Stephenson

Changed render_partial to take local assigns as the second parameter instead of an explicit object and then the assigns. So the API changes from:

Fixed that you can now pass an alternative :href option to link_to_function/remote in order to point to somewhere other than # if the javascript fails or is turned off. You can do the same with form_remote_tag by passing in :action. #1113 Sam Stephenson

Fixed DateHelper to return values on the option tags such that they'll work properly in IE with form_remote_tag #1024 Scott Raymond

Fixed FormTagHelper#check_box to respect checked #1049 DelynnB

Added that render_partial called from a controller will use the action name as default #828 Dan Peterson

Added Element.toggle, Element.show, and Element.hide to the prototype javascript library. Toggle.display has been deprecated, but will still work #992 Lucas Carlson

Added that deleting a cookie should not just set it to an empty string but also instantly expire it #1118 todd@robotcoop.com

Added submit_to_remote that allows you to trigger an Ajax form submition at the click of the submission button, which allows for multiple targets in a single form through the use of multiple submit buttons #930 yrashk@gmail.com

Added :owerwrite_params back to url_for and friends -- it was AWL since the introduction of Routes #921 raphinou

Added :position option to link_to_remote/form_remote_tag that can be either :before, :top, :bottom, or :after and specifies where the return from the method should be inserted #952 Matthew McCray/Sam Stephenson

Added include_seconds option as the third parameter to distance_of_time_in_words which will render "less than a minute" in higher resolution ("less than 10 seconds" etc) #944 thomas@fesch.at

Added fourth option to process in test cases to specify the content of the flash #949 Jamis Buck

Added Verifications that allows you to specify preconditions to actions in form of statements like verify :only => :update_post, :params => "admin_privileges", :redirect_to => { :action => "settings" }, which ensure that the update_post action is only called if admin_privileges is available as a parameter -- otherwise the user is redirected to settings. #897 Jamis Buck

Fixed Form.Serialize for the JavascriptHelper to also seriliaze password fields #934 dweitzman@gmail.com

Added JavascriptHelper#escape_javascript as a public method (was private) and made it escape both single and double quotes and new lines #940 mortonda@dgrmm.net

Added trailing_slash option to url_for, so you can generate urls ending in a slash. Note that is currently not recommended unless you need it for special reasons since it breaks caching #937 stian@grytoyr.net

Added expire_matched_fragments(regular_expression) to clear out a lot of fragment caches at once #927 Rick Olson

Fixed the problems with : and ? in file names for fragment caches on Windows #927 Rick Olson

Improved error reporting especially around never shallowing exceptions. Debugging helpers should be much easier now #980 Nicholas Seckar

Fixed Toggle.display in prototype.js #902 Lucas Carlson

1.6.0 (22th March, 2005)

Added a JavascriptHelper and accompanying prototype.js library that opens the world of Ajax to Action Pack with a large array of options for dynamically interacting with an application without reloading the page #884 Sam Stephenson/David

Added pagination support through both a controller and helper add-on #817 Sam Stephenson

Fixed routing and helpers to make Rails work on non-vhost setups #826 Nicholas Seckar/Tobias Lütke

Added a much improved Flash module that allows for finer-grained control on expiration and allows you to flash the current action #839 [Caio Chassot]. Example of flash.now:

A request for /categories/top-level-cat, would give @params[:path_info] with "top-level-cat".
A request for /categories/top-level-cat/level-1-cat, would give @params[:path_info] with "top-level-cat/level-1-cat" and so forth.

The @params[:path_info] return is really an array, but where to_s has been overwritten to do join("/").

Fixed options_for_select on selected line issue #624 Florian Weber

Added CaptureHelper with CaptureHelper#capture and CaptureHelper#content_for. See documentation in helper #837 Tobias Lütke

Fixed :anchor use in url_for #821 Nicholas Seckar

Removed the reliance on PATH_INFO as it was causing problems for caching and inhibited the new non-vhost support #822 Nicholas Seckar

Fixed textilize to be resilient to getting nil parsed (by using Object#blank? instead of String#empty?)

Fixed that the :multipart option in FormTagHelper#form_tag would be ignored Yonatan Feldman

1.5.1 (7th March, 2005)

Fixed that the routes.rb file wouldn't be found on symlinked setups due to File.expand_path #793 piotr@t-p-l.com

Changed ActiveRecordStore to use Marshal instead of YAML as the latter proved troublesome in persisting circular dependencies. Updating existing applications MUST clear their existing session table from data to start using this updated store #739 Jamis Buck

Added shortcut :id assignment to render_component and friends (before you had to go through :params) #784 Lucas Carlson

Fixed caching to be aware of extensions (so you can cache files like api.wsdl or logo.png) #734 Nicholas Seckar

Fixed that Routes would raise NameErrors if a controller component contains characters that are not valid constant names #733 Nicholas Seckar

Added PATH_INFO access from the request that allows urls like the following to be interpreted by rails: http://www.example.com/dispatcher.cgi/controller/action -- that makes it possible to use rails as a CGI under lighttpd and would also allow (for example) Rublog to be ported to rails without breaking existing links to Rublog-powered blogs. #728 Jamis Buck

Fixed that caching the root would result in .html not index.html #731, #734 alisdair/Nicholas Seckar

1.5.0 (24th February, 2005)

Added components that allows you to call other actions for their rendered response while execution another action. You can either delegate the entire response rendering or you can mix a partial response in with your other content. Read more on http://manuals.rubyonrails.com/read/book/14

Added ActionView::Base.register_template_handler for easy integration of an alternative template language to ERb and Builder. See test/controller/custom_handler_test.rb for a usage example #656 Jamis Buck

Added AssetTagHelper that provides methods for linking a HTML page together with other assets, such as javascripts, stylesheets, and feeds.

Added FormTagHelper that provides a number of methods for creating form tags that doesn't rely on conventions with an object assigned to the template like FormHelper does. With the FormTagHelper, you provide the names and values yourself.

Added Afghanistan, Iran, and Iraq to the countries list used by FormOptions#country_select and FormOptions#country_options_for_select

Renamed link_to_image to link_image_to (since thats what it actually does) -- kept alias for the old method name

Fixed textilize for RedCloth3 to keep doing hardbreaks

Fixed that assert_template_xpath_matches did not indicate when a path was not found #658 Eric Hodel

Added TextHelper#auto_link to turn email addresses and urls into ahrefs

Added Base#hide_action(names) to hide public methods from a controller that would otherwise have been callable through the URL. For the majority of cases, its preferred just to make the methods you don't want to expose protected or private (so they'll automatically be hidden) -- but if you must have a public method, this is a way to make it uncallable. Base#hidden_actions retrieve the list of all hidden actions for the controller #644 *Nicholas Seckar

Fixed that a bunch of methods from ActionController::Base was accessible as actions (callable through a URL) when they shouldn't have been #644 Nicholas Seckar

Added UrlHelper#current_page?(options) method to check if the url_for options passed corresponds to the current page

Added "short hypertext note with a hyperlink to the new URI(s)" to redirects to fulfill compliance with RFC 2616 (HTTP/1.1) section 10.3.3 #397 Tim Bates

Added second boolean parameter to Base.redirect_to_url and Response#redirect to control whether the redirect is permanent or not (301 vs 302) #375 Hodel

Fixed redirects when the controller and action is named the same. Still haven't fixed same controller, module, and action, though #201 Josh Peek

Fixed problems with running multiple functional tests in Rails under 1.8.2 by including hack for test/unit weirdness

Fixed that @request.remote_ip didn't work in the test environment #369 Bruno Mattarollo

1.1.0

Added search through session to clear out association caches at the end of each request. This makes it possible to place Active Record objects
in the session without worrying about stale data in the associations (the main object is still subject to caching, naturally) #347 Tobias Lütke

Added more informative exception when using helper :some_helper and the helper requires another file that fails, you'll get an
error message tells you what file actually failed to load, rather than falling back on assuming it was the helper file itself #346 dblack

Added use of *_before_type_cast for all input and text fields. This is helpful for getting "100,000" back on a integer-based
validation where the value would normally be "100".

Added Request#port_string to get something like ":8080" back on 8080 and "" on 80 (or 443 with https).

Added POST support for the breakpoint retries, so form processing that raises an exception can be retried with the original request Florian Gross

Fixed regression with Base#reset_session that wouldn't use the DEFAULT_SESSION_OPTIONS adam@the-kramers.net

Fixed error rendering of rxml documents to not just swallow the exception and return 0 (still not guessing the right line, but hey)

Fixed that textilize and markdown would instantiate their engines even on empty strings. This also fixes #333 Ulysses

Fixed UrlHelper#link_to_unless so it doesn't care if the id is a string or fixnum Ryan Davis

1.0.1

Fixed a bug that would cause an ApplicationController to require itself three times and hence cause filters to be run three times evl

1.0

Added that controllers will now attempt to require a model dependency with their name and in a singular attempt for their name.
So both PostController and PostsController will automatically have the post.rb model required. If no model is found, no error is raised,
as it is then expected that no match is available and the programmer will have included his own models.

Fixed DateHelper#date_select so that you can pass include_blank as an option even if you don't use start_year and end_year #59 what-a-day

Added that controllers will now search for a layout in $template_root/layouts/$controller_name.r(html|xml), so PostsController will look
for layouts/posts.rhtml or layouts/posts.rxml and automatically configure this layout if found #307 Marcel Molina Jr.

Added FormHelper#radio_button to work with radio buttons like its already possible with check boxes Michael Koziarski

Added TemplateError#backtrace that makes it much easier to debug template errors from unit and functional tests

Added display of error messages with scaffolded form pages

Added option to ERB templates to swallow newlines by using <% if something -%> instead of just <% if something %>. Example:

Fixed CgiRequest so that it'll now accept session options with Symbols as keys (as the documentation points out) Suggested by Andreas

Added that render_partial will always by default include a counter with value 1 unless there is a counter passed in via the
local_assigns hash that overrides it. As a result, render_collection_of_partials can still be written in terms of render_partial
and partials that make use of a counter can be called without problems from both render_collection_of_partials as well as
render_partial #295 Marcel Molina Jr.

Fixed CgiRequest#out to fall back to #write if $stdout doesn't have #syswrite Jeremy Kemper

Fixed all helpers so that they use XHTML compliant double quotes for values instead of single quotes htonl/Jeremy Kemper

Creates a link tag to the image residing at the +src+ using an URL created by the set of +options+. See the valid options in
link:classes/ActionController/Base.html#M000021. It's also possible to pass a string instead of an options hash to
get a link tag that just points without consideration. The <tt>html_options</tt> works jointly for the image and ahref tag by
letting the following special values enter the options on the image and the rest goes to the ahref:
::alt: If no alt text is given, the file name part of the +src+ is used (capitalized and without the extension)
::size: Supplied as "XxY", so "30x45" becomes width="30" and height="45"
::align: Sets the alignment, no special features
The +src+ can be supplied as a...
* full path, like "/my_images/image.gif"
* file name, like "rss.gif", that gets expanded to "/images/rss.gif"
* file name without extension, like "logo", that gets expanded to "/images/logo.png"

Fixed to_input_field_tag so it no longer explicitly uses InstanceTag.value if value was specified in the options hash evl

Added the possibility of having validate be protected for assert_(in)valid_column #263 Tobias Lütke

Added that ActiveRecordHelper#form now calls url_for on the :action option.

Added all the HTTP methods as alternatives to the generic "process" for functional testing #276 [Tobias Lütke]. Examples:

Added Request#ssl? which is shorthand for @request.protocol == "https://"

Added the choice to call form_tag with no arguments (resulting in a form posting to current action) Jeremy Kemper

Upgraded to Builder 1.2.1

Added :module as an alias for :controller_prefix to url_for and friends, so you can do redirect_to(:module => "shop", :controller => "purchases")
and go to /shop/purchases/

Added support for controllers in modules through @params["module"].

Added reloading for dependencies under cached environments like FastCGI and mod_ruby. This makes it possible to use those environments for development.
This is turned on by default, but can be turned off with ActionController::Base.reload_dependencies = false in production environments.

NOTE: This will only have an effect if you use the new model, service, and observer class methods to mark dependencies. All libraries loaded through
require will be "forever" cached. You can, however, use ActionController::Base.load_or_require("library") to get this behavior outside of the new
dependency style.

Added that controllers will automatically require their own helper if possible. So instead of doing:

class MsgController < ApplicationController
helper :msg
end

...you can just do:

class MsgController < ApplicationController
end

Added dependencies_on(layer) to query the dependencies of a controller. Examples:

Added another case to DateHelper#distance_in_minutes to return "less than a minute" instead of "0 minutes" and "1 minute" instead of "1 minutes"

Added a hidden field to checkboxes generated with FormHelper#check_box that will make sure that the unchecked value (usually 0)
is sent even if the checkbox is not checked. This relieves the controller from doing custom checking if the checkbox wasn't
checked. BEWARE: This might conflict with your run-on-the-mill work-around code. Tobias Lütke

Fixed error_message_on to just use the first if more than one error had been added Marcel Molina Jr.

Fixed that URL rewriting with /controller/ was working but /controller was not and that you couldn't use :id on index geech

Fixed a bug with link_to where the :confirm option wouldn't be picked up if the link was a straight url instead of an option hash

Changed scaffolding of forms to use tags instead of to please W3C evl

Added DateHelper#distance_of_time_in_words_to_now(from_time) that works like distance_of_time_in_words,
but where to_time is fixed to Time.now.

Improved the failure report on assert_success when the action triggered a redirection [alexey].

Added "markdown" to accompany "textilize" as a TextHelper method for converting text to HTML using the Markdown syntax.
BlueCloth must be installed in order for this method to become available.

Made sure that an active session exists before we attempt to delete it Samuel

Changed link_to with Javascript confirmation to use onclick instead of onClick for XHTML validity Scott Barron

0.9.0 (43)

Added support for Builder-based templates for files with the .rxml extension. These new templates are an alternative to ERb that
are especially useful for generating XML content, such as this RSS example from Basecamp:

The "xml" local variable is automatically available in .rxml templates. You construct the template by calling a method with the name
of the tag you want. Options for the tag can be specified as a hash parameter to that method.

Builder-based templates can be mixed and matched with the regular ERb ones. The only thing that differentiates them is the extension.
No new methods have been added to the public interface to handle them.

Action Pack ships with a version of Builder, but it will use the RubyGems version if you have one installed.

<%= render_collection_of_partials "ad", @advertisements %>
This will render "advertiser/_ad.rhtml" and pass the local variable +ad+ to the template for display. An iteration counter
will automatically be made available to the template with a name of the form +partial_name_counter+. In the case of the
example above, the template would be fed +ad_counter+.

Fixed problems with two sessions being maintained on reset_session that would particularly screw up ActiveRecordStore.

Fixed reset_session to start an entirely new session instead of merely deleting the old. So you can now safely access @session
after calling reset_ression and expect it to work.

Changed @request.remote_ip and @request.host to work properly even when a proxy is in front of the application geech

Added JavaScript confirm feature to link_to. Documentation:

The html_options have a special feature for creating javascript confirm alerts where if you pass
:confirm => 'Are you sure?', the link will be guarded with a JS popup asking that question.
If the user accepts, the link is processed, otherwise not.

Creates a link tag of the given +name+ using an URL created by the set of +options+, unless the current
controller, action, and id are the same as the link's, in which case only the name is returned (or the
given block is yielded, if one exists). This is useful for creating link bars where you don't want to link
to the page currently being viewed.

Fixed that UrlRewriter (the driver for url_for, link_to, etc) would blow up when the anchor was an integer alexey

Added that layouts defined with no directory defaults to layouts. So layout "weblog/standard" will use
weblog/standard (as always), but layout "standard" will use layouts/standard.

Fixed that partials (or any template starting with an underscore) was publically viewable Marten

Added HTML escaping to text_area helper.

Added :overwrite_params to url_for and friends to keep the parameters as they were passed to the current action and only overwrite a subset.
The regular :params will clear the slate so you need to manually add in existing parameters if you want to reuse them. raphinou

Fixed scaffolding problem with composite named objects Moo Jester

Added the possibility for shared partials. Example:

<%= render_partial "advertisement/ad", ad %>

This will render the partial "advertisement/_ad.rhtml" regardless of which controller this is being called from.

Jacob Fugal

Fixed crash when encountering forms that have empty-named fields James Prudente

Added check_box form helper method now accepts true/false as well as 1/0 what-a-day

Fixed the lacking creation of all directories with install.rb Dave Steinberg

Made the following methods public (was protected): url_for, controller_class_name, controller_name, action_name
This makes it easier to write filters without cheating around the encapsulation with send.

ActionController::Base#reset_session now sticks even if you access @session afterwards Kent Sibilev

Improved the exception logging so the log file gets almost as much as in-browser debugging.

Changed base class setup from AbstractTemplate/ERbTemplate to ActionView::Base. This change should be harmless unless you were
accessing Action View directly in which case you now need to reference the Base class.\

Fixed that DRb Store accidently started its own server (instead of just client) Andreas

Fixed strip_links so it now works across multiple lines Chad Fowler

Fixed the TemplateError exception to show the proper trace on to_s (useful for unit test debugging)

Implemented class inheritable attributes without eval Caio Chassot

Made TextHelper#concat accept binding as it would otherwise not work

The FormOptionsHelper will now call to_s on the keys and values used to generate options

0.8.5

Introduced passing of locally scoped variables between templates:

You can pass local variables to sub templates by using a hash of with the variable
names as keys and the objects as values:
<%= render "shared/header", { "headline" => "Welcome", "person" => person } %>
These can now be accessed in shared/header with:
Headline: <%= headline %>
First name: <%= person.first_name %>

Introduced the concept of partials as a certain type of sub templates:

There's also a convenience method for rendering sub templates within the current
controller that depends on a single object (we call this kind of sub templates for
partials). It relies on the fact that partials should follow the naming convention
of being prefixed with an underscore -- as to separate them from regular templates
that could be rendered on their own. In the template for Advertiser#buy, we could have:
<% for ad in @advertisements %>
<%= render_partial "ad", ad %>
<% end %>
This would render "advertiser/_ad.rhtml" and pass the local variable +ad+
for the template to display.
== Rendering a collection of partials
The example of partial use describes a familar pattern where a template needs
to iterate over a array and render a sub template for each of the elements.
This pattern has been implemented as a single method that accepts an array and
renders a partial by the same name of as the elements contained within. So the
three-lined example in "Using partials" can be rewritten with a single line:
<%= render_collection_of_partials "ad", @advertisements %>
So this will render "advertiser/_ad.rhtml" and pass the local variable +ad+ for
the template to display.

Improved send_file by allowing a wide range of options to be applied [Jeremy Kemper]:

Sends the file by streaming it 4096 bytes at a time. This way the
whole file doesn't need to be read into memory at once. This makes
it feasible to send even large files.
Be careful to sanitize the path parameter if it coming from a web
page. send_file(@params['path'] allows a malicious user to
download any file on your server.
Options:
* <tt>:filename</tt> - specifies the filename the browser will see.
Defaults to File.basename(path).
* <tt>:type</tt> - specifies an HTTP content type.
Defaults to 'application/octet-stream'.
* <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
Valid values are 'inline' and 'attachment' (default).
* <tt>:buffer_size</tt> - specifies size (in bytes) of the buffer used to stream
the file. Defaults to 4096.
The default Content-Type and Content-Disposition headers are
set to download arbitrary binary files in as many browsers as
possible. IE versions 4, 5, 5.5, and 6 are all known to have
a variety of quirks (especially when downloading over SSL).
Simple download:
send_file '/path/to.zip'
Show a JPEG in browser:
send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
Read about the other Content-* HTTP headers if you'd like to
provide the user with more information (such as Content-Description).
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
Also be aware that the document may be cached by proxies and browsers.
The Pragma and Cache-Control headers declare how the file may be cached
by intermediaries. They default to require clients to validate with
the server before releasing cached responses. See
http://www.mnot.net/cache_docs/ for an overview of web caching and
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
for the Cache-Control header spec.

Added pluralize method to the TextHelper that makes it easy to get strings like "1 message", "3 messages"

Fixed query string parsing for URLs that use the escaped versions of & or ; as part of a key or value

Fixed bug with custom Content-Type headers being in addition to rather than instead of the default header.
(This bug didn't matter with neither CGI or mod_ruby, but FCGI exploded on it) With help from Ara T. Howard

0.8.0

Added select, collection_select, and country_select to make it easier for Active Records to set attributes through
drop-down lists of options. Example:

Added an option for getting multiple values on a single form name into an array instead of having the last one overwrite.
This is especially useful for groups of checkboxes, which can now be written as:

The old behavior (where the last one wins, "DELETE" in the example) is still available. Just don't add "[]" to the
end of the name. Scott Baron

Added send_file which uses the new render_text block acceptance to make it feasible to send large files.
The files is sent with a bunch of voodoo HTTP headers required to get arbitrary files to download as
expected in as many browsers as possible (eg, IE hacks). Example:

def play_movie
send_file "/movies/that_movie.avi"
end

Jeremy Kemper

render_text now accepts a block for deferred rendering. Useful for streaming large files, displaying
a “please wait” message during a complex search, etc. Streaming example:

render_text do |response|
File.open(path, 'rb') do |file|
while buf = file.read(1024)
print buf
end
end
end

Jeremy Kemper

Added a new Tag Helper that can generate generic tags programmatically insted of through HTML. Example:

tag("br", "clear" => "all") => <br clear="all" />

...that's usually not terribly interesting (unless you have a lot of options already in a hash), but it
gives way for more specific tags, like the new form tag:

The UrlHelper methods url_for and link_to will now by default only return paths, not complete URIs.
That should make it easier to fit a Rails application behind a proxy or load-balancer.
You can overwrite this by passing :only_path => false as part of the options. Suggested by U235

Fixed bug with having your own layout for use with scaffolding Kevin Radloff

Changed url_for (and all the that drives, like redirect_to, link_to, link_for) so you can pass it a symbol instead of a hash.
This symbol is a method reference which is then called to calculate the url. Example:

Overwrite to implement a number of default options that all url_for-based methods will use.
The default options should come in form of a hash, just like the one you would use for
url_for directly. Example:
def default_url_options(options)
{ :controller_prefix => @project.active? ? "projects/" : "accounts/" }
end
As you can infer from the example, this is mostly useful for situations where you want to
centralize dynamic dissions about the urls as they stem from the business domain. Please note
that any individual url_for call can always override the defaults set by this method.

Changed url_for so that an "id" passed in the :params is not treated special. You need to use the dedicated :id to get
the special auto path-params treatment. Considering the url http://localhost:81/friends/list

Fixed problem with anchor being inserted before path parameters with url_for (and friends)

0.7.8

Fixed session bug where you couldn't store any objects that didn't exist in the standard library
(such as Active Record objects).

Added reset_session method for Action Controller objects to clear out all objects in the session.

Fixed that exceptions raised during filters are now also caught by the default rescues

Added new around_filter for doing before and after filtering with a single object [Florian Weber]:

class WeblogController < ActionController::Base
around_filter BenchmarkingFilter.new
# Before this action is performed, BenchmarkingFilter#before(controller) is executed
def index
end
# After this action has been performed, BenchmarkingFilter#after(controller) is executed
end
class BenchmarkingFilter
def initialize
@runtime
end
def before
start_timer
end
def after
stop_timer
report_result
end
end

Added the options for specifying a different name and id for the form helper methods than what is guessed [Florian Weber]:

Added DebugHelper with a single "debug" method for doing pretty dumps of objects in the view
(now used in the default rescues to better present the contents of session and template variables)

Added note to log about the templates rendered within layouts (before just the layout was shown)

Fixed redirects on https setups Andreas

Fixed scaffolding problem on the edit action when using :suffix => true Scott

Fixed scaffolding problem where implementing list.rhtml wouldn't work for the index action

URLs generated now uses & instead of just & so pages using it can validate with W3C Spotted by Andreas

0.7.7

Fixed bug in CGI extension that prevented multipart forms from working

0.7.6

Included ERB::Util so all templates can easily escape HTML content with <%=h @person.content %>

All requests are now considered local by default, so everyone will be exposed to detailed debugging screens on errors.
When the application is ready to go public, set ActionController::Base.consider_all_requests_local to false,
and implement the protected method local_request? in the controller to determine when debugging screens should be shown.

Fixed three bugs with the url_for/redirect_to/link_to handling. Considering the url http://localhost:81/friends/show/1